UPDATED 11:20 EDT / NOVEMBER 26 2019

INFRA

What’s it like knee-deep in Kubernetes? One word: DevSecOps

Kubernetes is the enabler behind a lot of cutting-edge information technology. Multicloud — a term we hear similarly often these days — may not even be feasible without it. But to manifest a new wave of higher-level, Kubernetes-driven computing, the industry really has to get this security thing figured out.

Kubernetes, on the surface, is an open-source platform for distributing containers (a virtualized method for running distributed applications). As companies increasingly adopt it, though, they come to see it as more than that. It — and containerized, microservices-based applications — change the way they see IT. It becomes something distributed, ephemeral, and centered around apps rather than infrastructure.

“Figuring out how to monitor and troubleshoot and secure that at scale is a huge challenge,” said John Coyle (pictured), vice president of business and corporate development at Sumo Logic Inc.

Coyle spoke with Stu Miniman (@stu), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, and guest host John Troyer (@jtroyer), chief reckoner at TechReckoning, during the KubeCon + CloudNativeCon event in San Diego, California. They discussed the state of Kubernetes security and Sumo Logic’s DevSecOps platform for Kubernetes. (* Disclosure below.)

App, service level kick infra butt in Kubernetes world

Kubernetes demands a new kind of security — and development and operations too, according to Coyle. In fact, those are ideally all one word in the fast-paced world of containers and Kubernetes: DevSecOps. DevSecOps is a collaborative unit and should have just one platform too, Doyle added.

“It needs to be able to serve both the [site reliability engineer] for a traditional reliability issue all the way up to a [security operations center] analyst who’s trying to troubleshoot and identify whether there’s a real threat with a particular application vulnerability,” Doyle stated. 

To enable DevSecOps to operate efficiently and as a whole requires observability and monitoring at the service level. Practitioners working with containers and cloud-native technologies tend to think about microservices-based apps in terms of the app itself, and then all the different microservices it uses — not the underlying infrastructure, Doyle explained.

“That actually makes all the difference in terms of being able to effectively and quickly identify an issue and then remediate it,” he said. 

Sumo Logic’s recent “Continuous Intelligence Report” found that multicloud is growing 50% year- over-year in enterprises; this is largely driven by adoption of Kubernetes, according to Coyle. “I think a lot of customers are waking up: ‘This is great, but we’re not really securing this as effectively as we should be,'” Doyle said.

Two months ago, Sumo Logic announced a single platform for Kubernetes security, monitoring and troubleshooting. “We believe it’s the first true DevSecOps solution for Kubernetes,” Doyle concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the KubeCon + CloudNativeCon event. (* Disclosure: Sumo Logic Inc. sponsored this segment of theCUBE. Neither Sumo Logic nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU